General

  • Target

    e130e41e628624e81c3300c1e2bd8d7a

  • Size

    609KB

  • Sample

    240327-j2cddsbb2v

  • MD5

    e130e41e628624e81c3300c1e2bd8d7a

  • SHA1

    38c3141354b0560245e67d4c76bb55c52f130336

  • SHA256

    9756dc094e4839efc5f308ba4b23b1aedc82641aaa46ec65088e1849cb5a8ffb

  • SHA512

    146a32f0922585d759043ea058b1db36fc7e23c9e93983f36cc1849b959af3435fcd11017dae32521209565423a67753cc59aa5c0df4ab4b3f159234345ef11d

  • SSDEEP

    6144:fzUcEcVzP92Ofgjr1PqedaaXUTBTA4/+UyVGZAHCH59VRSk:lEcVL8O4jrAiXUTBcaCGZB59VRSk

Malware Config

Targets

    • Target

      e130e41e628624e81c3300c1e2bd8d7a

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution to (or away from) particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
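
One practical follow-up to the "Writes to the Master Boot Record" signature is to pull the first sector of the affected disk and compare it with a known-good baseline. The block below is an added example for this page, not code from the sandbox report or from the sample: it parses a 512-byte MBR (boot code, disk signature, partition table, 0x55AA signature) and reports findings when the boot code no longer matches a baseline hash or the partition table looks damaged. The two MBRs, the baseline hash and the partition layout are constructed test data; the one assumption is that a trustworthy baseline of the host's boot code exists (for example, a sector captured from a clean image of the same build).

```python
"""Parse and audit a 512-byte MBR sector for signs of bootkit tampering (added example)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # classic boot-code region
DISK_SIG_OFF = 440            # 4-byte Windows disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
PART_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a test MBR from its parts (used only to construct sample data)."""
    sector = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector into boot-code hash, disk signature, partition entries and signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected a {MBR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused entry
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "boot_signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def audit_mbr(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """Return findings as strings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline (possible bootkit overwrite)")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected exactly one active partition, found {len(bootable)}")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or length")
    return findings


def read_physical_mbr(device: str) -> bytes:
    """Read the first sector of a raw device; needs admin/root.
    Typical paths: r"\\.\PhysicalDrive0" on Windows, "/dev/sda" on Linux."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


# Constructed samples: a stand-in "known good" sector and one whose boot code was overwritten.
# The 11-byte prologue is a typical MBR opening (xor ax,ax / mov ss,ax / mov sp,7c00h ...), zero-padded.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"\x00" * 429
PARTITIONS = [(0x80, 0x07, 2048, 204800)]  # one active NTFS partition at LBA 2048 (constructed)
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, PARTITIONS)
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()  # what a clean baseline would record
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 438, 0x1234ABCD, PARTITIONS)

if __name__ == "__main__":
    print("clean:", audit_mbr(CLEAN_MBR, BASELINE_SHA256))
    print("tampered:", audit_mbr(TAMPERED_MBR, BASELINE_SHA256))
```

On a live host the baseline must come from a trusted source, since a bootkit that has already run can also hide from reads that go through the infected boot path; reading the sector from a forensic image or from a clean boot environment is safer. Note too that an "MBR write" signature covers more than the boot code: the partition table and the disk signature are in the same sector, and on UEFI/GPT systems the protective MBR's boot code is never executed, so the same check should be paired with a comparison of the EFI system partition.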

MITRE ATT&CK Enterprise v15

Tasks